ACL: refactor+fix AUTH check in processCommand().

The part that is fixed is that now if the default user is off whatever is its configuration the user is not considered authenticated.
2019-02-11 16:47:02 +01:00 · 2019-02-11 16:47:02 +01:00 · f8a6132f15
commit f8a6132f15
parent df346bca39
1 changed files with 11 additions and 8 deletions
--- a/src/server.c
+++ b/src/server.c
@ -3298,14 +3298,17 @@ int processCommand(client *c) {
        return C_OK;
    }

-    /* Check if the user is authenticated */
-    if (!(DefaultUser->flags & USER_FLAG_NOPASS) &&
-        !c->authenticated &&
-        (c->cmd->proc != authCommand || c->cmd->proc == helloCommand))
-    {
-        flagTransaction(c);
-        addReply(c,shared.noautherr);
-        return C_OK;
+    /* Check if the user is authenticated. This check is skipped in case
+     * the default user is flagged as "nopass" and is active. */
+    int auth_required = !(DefaultUser->flags & USER_FLAG_NOPASS) &&
+                        !c->authenticated;
+    if (auth_required || DefaultUser->flags & USER_FLAG_DISABLED) {
+        /* AUTH and HELLO are valid even in non authenticated state. */
+        if (c->cmd->proc != authCommand || c->cmd->proc == helloCommand) {
+            flagTransaction(c);
+            addReply(c,shared.noautherr);
+            return C_OK;
+        }
    }

    /* Check if the user can run this command according to the current